[Ilugc] query about virus attack on UNIX / LINUX environment
- From: kapil@xxxxxxxxxxx (Kapil Hari Paranjape)
- Date: Thu Sep 17 18:48:08 2009
Hello,
On Thu, 17 Sep 2009, Girish Venkatachalam wrote:
Cryptography requires randomness in everything. Crypto alone cannot
solve security problems.
I will take a different fork here from what Girish said and add
that programs alone cannot ensure security for a computer system. A
good system _encourages_ good security practices. Some examples of
such practices that are the _default_ on most *nix like systems.
1. Ensuring that people do not use the administrator account
for day-to-day work.
2. Providing means to check that software is downloaded from reliable
sources.
3. Providing enough software from reliable sources at low cost so
that people are not encouraged to depend on unreliable sources.
4. Clearly demarcating system areas from user areas so that users
can ensure the integrity of these areas _independently_.
5. Using privilege separation to limit access to files,
executables and devices.
6. Providing a path by which users can learn more about their system
in order to improve their security through better understanding.
7. Educating the user through (a) clear notifications when they attempt
something potentially risky and (b) explicit documentation of the
vulnerable aspects of their system.
I am sure I have missed some, but you probably get the idea. The point
is that most of these practices are _less_ convenient on Windows than
they are on a generic *nix. Security is always fighting with
convenience so reducing the inconvenience of secure operations is
always important.
Effectively, Windows systems encourage their users to use them in a
manner which is not secure![*]
Regards,
Kapil.
[*] One of my biggests fear is that modern "easy-to-use"
Desktop versions of GNU/Linux will copy this unfortunate
"ease-of-use-wins-over-security" attitude of Windows.
--
Other related posts:
